[Cialug] Shellshock Bash Remote Code Execution Vulnerability

[Scott Yates]

Thanks Will, that is similar to the other articles I have been reading.  I
am still left with the question however, how are environment variables
being set on a machine that does not allow user login?

CGI scripts that spawn a bash shell or subshell are mentioned, but I don't
see how they would be enticed to set an env variable.
​
​All the tests I see are running local bash shell command lines.  I really
want to understand this, but I am not seeing how this is a "remote" issue
still.  I am probably being dense here.  Is there something else to look at
maybe?  My google-fu is failing me here.​